visus-mcp 0.6.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (177) hide show
  1. package/.claude/settings.local.json +6 -1
  2. package/.env.status +7 -0
  3. package/CHANGELOG.md +65 -0
  4. package/CLAUDE.md +3 -0
  5. package/README.md +15 -7
  6. package/SECURITY.md +2 -0
  7. package/STATUS.md +203 -9
  8. package/dist/content-handlers/index.d.ts +36 -0
  9. package/dist/content-handlers/index.d.ts.map +1 -0
  10. package/dist/content-handlers/index.js +59 -0
  11. package/dist/content-handlers/index.js.map +1 -0
  12. package/dist/content-handlers/json-handler.d.ts +28 -0
  13. package/dist/content-handlers/json-handler.d.ts.map +1 -0
  14. package/dist/content-handlers/json-handler.js +116 -0
  15. package/dist/content-handlers/json-handler.js.map +1 -0
  16. package/dist/content-handlers/pdf-handler.d.ts +29 -0
  17. package/dist/content-handlers/pdf-handler.d.ts.map +1 -0
  18. package/dist/content-handlers/pdf-handler.js +77 -0
  19. package/dist/content-handlers/pdf-handler.js.map +1 -0
  20. package/dist/content-handlers/svg-handler.d.ts +35 -0
  21. package/dist/content-handlers/svg-handler.d.ts.map +1 -0
  22. package/dist/content-handlers/svg-handler.js +206 -0
  23. package/dist/content-handlers/svg-handler.js.map +1 -0
  24. package/dist/content-handlers/types.d.ts +42 -0
  25. package/dist/content-handlers/types.d.ts.map +1 -0
  26. package/dist/content-handlers/types.js +7 -0
  27. package/dist/content-handlers/types.js.map +1 -0
  28. package/dist/tools/fetch.d.ts.map +1 -1
  29. package/dist/tools/fetch.js +62 -4
  30. package/dist/tools/fetch.js.map +1 -1
  31. package/package.json +2 -1
  32. package/server.json +2 -2
  33. package/src/content-handlers/index.ts +72 -0
  34. package/src/content-handlers/json-handler.ts +137 -0
  35. package/src/content-handlers/pdf-handler.ts +91 -0
  36. package/src/content-handlers/svg-handler.ts +243 -0
  37. package/src/content-handlers/types.ts +44 -0
  38. package/src/tools/fetch.ts +69 -4
  39. package/.github/ISSUE_TEMPLATE/bug_report.md +0 -47
  40. package/.github/ISSUE_TEMPLATE/false_positive.md +0 -43
  41. package/.github/ISSUE_TEMPLATE/new_pattern.md +0 -49
  42. package/.github/ISSUE_TEMPLATE/security_report.md +0 -31
  43. package/.github/PULL_REQUEST_TEMPLATE.md +0 -39
  44. package/.mcpregistry_github_token +0 -1
  45. package/.mcpregistry_registry_token +0 -1
  46. package/CONTRIBUTING.md +0 -329
  47. package/LINKEDIN-STRATEGY.md +0 -367
  48. package/ROADMAP.md +0 -221
  49. package/SECURITY-AUDIT-v1.md +0 -277
  50. package/SUBMISSION.md +0 -66
  51. package/TROUBLESHOOT-AUTH-20260322-2019.md +0 -291
  52. package/TROUBLESHOOT-BUILD-20260319-1450.md +0 -546
  53. package/TROUBLESHOOT-COGNITO-AUTH-20260324-2029.md +0 -415
  54. package/TROUBLESHOOT-COGNITO-JWT-20260324.md +0 -592
  55. package/TROUBLESHOOT-FETCH-20260320-1150.md +0 -168
  56. package/TROUBLESHOOT-JEST-20260323-1357.md +0 -139
  57. package/TROUBLESHOOT-LAMBDA-20260322-1945.md +0 -183
  58. package/TROUBLESHOOT-PLAYWRIGHT-20260321-1549.md +0 -217
  59. package/TROUBLESHOOT-SSL-20260320-1138.md +0 -171
  60. package/TROUBLESHOOT-STRUCTURED-20260320-1200.md +0 -246
  61. package/TROUBLESHOOT-TEST-20260320-0942.md +0 -281
  62. package/VISUS-CLAUDE-CODE-PROMPT.md +0 -324
  63. package/VISUS-PROJECT-PLAN.md +0 -205
  64. package/cdk.json +0 -73
  65. package/infrastructure/app.ts +0 -39
  66. package/infrastructure/stack.ts +0 -298
  67. package/jest.config.js +0 -33
  68. package/jest.setup.js +0 -9
  69. package/lambda-deploy/index.js +0 -81512
  70. package/lambda-deploy/index.js.map +0 -7
  71. package/lambda-package/browser/__mocks__/playwright-renderer.d.ts +0 -25
  72. package/lambda-package/browser/__mocks__/playwright-renderer.d.ts.map +0 -1
  73. package/lambda-package/browser/__mocks__/playwright-renderer.js +0 -119
  74. package/lambda-package/browser/__mocks__/playwright-renderer.js.map +0 -1
  75. package/lambda-package/browser/playwright-renderer.d.ts +0 -40
  76. package/lambda-package/browser/playwright-renderer.d.ts.map +0 -1
  77. package/lambda-package/browser/playwright-renderer.js +0 -214
  78. package/lambda-package/browser/playwright-renderer.js.map +0 -1
  79. package/lambda-package/browser/reader.d.ts +0 -31
  80. package/lambda-package/browser/reader.d.ts.map +0 -1
  81. package/lambda-package/browser/reader.js +0 -98
  82. package/lambda-package/browser/reader.js.map +0 -1
  83. package/lambda-package/index.d.ts +0 -18
  84. package/lambda-package/index.d.ts.map +0 -1
  85. package/lambda-package/index.js +0 -238
  86. package/lambda-package/index.js.map +0 -1
  87. package/lambda-package/lambda-handler.d.ts +0 -28
  88. package/lambda-package/lambda-handler.d.ts.map +0 -1
  89. package/lambda-package/lambda-handler.js +0 -257
  90. package/lambda-package/lambda-handler.js.map +0 -1
  91. package/lambda-package/package-lock.json +0 -7435
  92. package/lambda-package/package.json +0 -74
  93. package/lambda-package/runtime.d.ts +0 -50
  94. package/lambda-package/runtime.d.ts.map +0 -1
  95. package/lambda-package/runtime.js +0 -86
  96. package/lambda-package/runtime.js.map +0 -1
  97. package/lambda-package/sanitizer/elicit-runner.d.ts +0 -48
  98. package/lambda-package/sanitizer/elicit-runner.d.ts.map +0 -1
  99. package/lambda-package/sanitizer/elicit-runner.js +0 -100
  100. package/lambda-package/sanitizer/elicit-runner.js.map +0 -1
  101. package/lambda-package/sanitizer/framework-mapper.d.ts +0 -24
  102. package/lambda-package/sanitizer/framework-mapper.d.ts.map +0 -1
  103. package/lambda-package/sanitizer/framework-mapper.js +0 -342
  104. package/lambda-package/sanitizer/framework-mapper.js.map +0 -1
  105. package/lambda-package/sanitizer/hitl-gate.d.ts +0 -69
  106. package/lambda-package/sanitizer/hitl-gate.d.ts.map +0 -1
  107. package/lambda-package/sanitizer/hitl-gate.js +0 -101
  108. package/lambda-package/sanitizer/hitl-gate.js.map +0 -1
  109. package/lambda-package/sanitizer/index.d.ts +0 -63
  110. package/lambda-package/sanitizer/index.d.ts.map +0 -1
  111. package/lambda-package/sanitizer/index.js +0 -105
  112. package/lambda-package/sanitizer/index.js.map +0 -1
  113. package/lambda-package/sanitizer/injection-detector.d.ts +0 -34
  114. package/lambda-package/sanitizer/injection-detector.d.ts.map +0 -1
  115. package/lambda-package/sanitizer/injection-detector.js +0 -89
  116. package/lambda-package/sanitizer/injection-detector.js.map +0 -1
  117. package/lambda-package/sanitizer/patterns.d.ts +0 -30
  118. package/lambda-package/sanitizer/patterns.d.ts.map +0 -1
  119. package/lambda-package/sanitizer/patterns.js +0 -372
  120. package/lambda-package/sanitizer/patterns.js.map +0 -1
  121. package/lambda-package/sanitizer/pii-allowlist.d.ts +0 -49
  122. package/lambda-package/sanitizer/pii-allowlist.d.ts.map +0 -1
  123. package/lambda-package/sanitizer/pii-allowlist.js +0 -231
  124. package/lambda-package/sanitizer/pii-allowlist.js.map +0 -1
  125. package/lambda-package/sanitizer/pii-redactor.d.ts +0 -41
  126. package/lambda-package/sanitizer/pii-redactor.d.ts.map +0 -1
  127. package/lambda-package/sanitizer/pii-redactor.js +0 -213
  128. package/lambda-package/sanitizer/pii-redactor.js.map +0 -1
  129. package/lambda-package/sanitizer/severity-classifier.d.ts +0 -33
  130. package/lambda-package/sanitizer/severity-classifier.d.ts.map +0 -1
  131. package/lambda-package/sanitizer/severity-classifier.js +0 -113
  132. package/lambda-package/sanitizer/severity-classifier.js.map +0 -1
  133. package/lambda-package/sanitizer/threat-reporter.d.ts +0 -66
  134. package/lambda-package/sanitizer/threat-reporter.d.ts.map +0 -1
  135. package/lambda-package/sanitizer/threat-reporter.js +0 -163
  136. package/lambda-package/sanitizer/threat-reporter.js.map +0 -1
  137. package/lambda-package/tools/fetch-structured.d.ts +0 -51
  138. package/lambda-package/tools/fetch-structured.d.ts.map +0 -1
  139. package/lambda-package/tools/fetch-structured.js +0 -237
  140. package/lambda-package/tools/fetch-structured.js.map +0 -1
  141. package/lambda-package/tools/fetch.d.ts +0 -49
  142. package/lambda-package/tools/fetch.d.ts.map +0 -1
  143. package/lambda-package/tools/fetch.js +0 -131
  144. package/lambda-package/tools/fetch.js.map +0 -1
  145. package/lambda-package/tools/read.d.ts +0 -51
  146. package/lambda-package/tools/read.d.ts.map +0 -1
  147. package/lambda-package/tools/read.js +0 -127
  148. package/lambda-package/tools/read.js.map +0 -1
  149. package/lambda-package/tools/search.d.ts +0 -45
  150. package/lambda-package/tools/search.d.ts.map +0 -1
  151. package/lambda-package/tools/search.js +0 -220
  152. package/lambda-package/tools/search.js.map +0 -1
  153. package/lambda-package/types.d.ts +0 -167
  154. package/lambda-package/types.d.ts.map +0 -1
  155. package/lambda-package/types.js +0 -16
  156. package/lambda-package/types.js.map +0 -1
  157. package/lambda-package/utils/format-converter.d.ts +0 -39
  158. package/lambda-package/utils/format-converter.d.ts.map +0 -1
  159. package/lambda-package/utils/format-converter.js +0 -191
  160. package/lambda-package/utils/format-converter.js.map +0 -1
  161. package/lambda-package/utils/truncate.d.ts +0 -26
  162. package/lambda-package/utils/truncate.d.ts.map +0 -1
  163. package/lambda-package/utils/truncate.js +0 -54
  164. package/lambda-package/utils/truncate.js.map +0 -1
  165. package/lambda.zip +0 -0
  166. package/test-output.txt +0 -4
  167. package/tests/auth-smoke.test.ts +0 -480
  168. package/tests/elicit-runner.test.ts +0 -232
  169. package/tests/fetch-tool.test.ts +0 -922
  170. package/tests/hitl-gate.test.ts +0 -267
  171. package/tests/injection-corpus.ts +0 -338
  172. package/tests/pii-allowlist.test.ts +0 -282
  173. package/tests/reader.test.ts +0 -353
  174. package/tests/sanitizer.test.ts +0 -358
  175. package/tests/search.test.ts +0 -456
  176. package/tests/threat-reporter.test.ts +0 -334
  177. package/tsconfig.cdk.json +0 -35
@@ -1,105 +0,0 @@
1
- /**
2
- * Sanitizer Orchestrator
3
- *
4
- * Main entry point for content sanitization. Coordinates injection detection
5
- * and PII redaction pipelines.
6
- *
7
- * CRITICAL: This is the core security mechanism. Every web page MUST pass
8
- * through this sanitizer before reaching the LLM. This cannot be bypassed.
9
- */
10
- import { detectAndNeutralize, getSeverityScore, hasCriticalThreats } from './injection-detector.js';
11
- import { redactPII } from './pii-redactor.js';
12
- import { generateThreatReport } from './threat-reporter.js';
13
- /**
14
- * Sanitize content through the full pipeline
15
- *
16
- * Pipeline:
17
- * 1. Injection detection and neutralization (43 patterns)
18
- * 2. PII redaction (email, phone, SSN, CC, IP) with allowlisting
19
- * 3. Metadata collection and logging
20
- *
21
- * @param content Raw content from web page
22
- * @param sourceUrl Optional source URL for domain-scoped PII allowlisting
23
- * @returns Sanitized content with detection metadata
24
- */
25
- export function sanitize(content, sourceUrl) {
26
- const originalLength = content.length;
27
- // Step 1: Detect and neutralize injection patterns
28
- const injectionResult = detectAndNeutralize(content);
29
- // Step 2: Redact PII from the already-sanitized content (with allowlisting)
30
- const piiResult = redactPII(injectionResult.content, sourceUrl);
31
- // Step 3: Combine results
32
- const finalContent = piiResult.content;
33
- const contentModified = injectionResult.content_modified || piiResult.content_modified;
34
- const severityScore = getSeverityScore(injectionResult.metadata.detections_by_severity);
35
- const criticalThreats = hasCriticalThreats(injectionResult.metadata.detections_by_severity);
36
- // Log to stderr for monitoring (not stdout - MCP protocol)
37
- logSanitization({
38
- patterns_detected: injectionResult.patterns_detected,
39
- pii_types_redacted: piiResult.pii_types_redacted,
40
- pii_allowlisted: piiResult.pii_allowlisted,
41
- severity_score: severityScore,
42
- has_critical_threats: criticalThreats,
43
- content_modified: contentModified
44
- });
45
- // Step 4: Generate threat report (only if findings exist)
46
- const threatReport = generateThreatReport({
47
- patterns_detected: injectionResult.patterns_detected,
48
- pii_redacted: piiResult.pii_types_redacted.length,
49
- source_url: sourceUrl || 'unknown',
50
- detections_by_severity: injectionResult.metadata.detections_by_severity
51
- });
52
- const result = {
53
- content: finalContent,
54
- sanitization: {
55
- patterns_detected: injectionResult.patterns_detected,
56
- pii_types_redacted: piiResult.pii_types_redacted,
57
- pii_allowlisted: piiResult.pii_allowlisted,
58
- content_modified: contentModified
59
- },
60
- metadata: {
61
- original_length: originalLength,
62
- sanitized_length: finalContent.length,
63
- severity_score: severityScore,
64
- has_critical_threats: criticalThreats,
65
- detections_by_severity: injectionResult.metadata.detections_by_severity
66
- }
67
- };
68
- // Include threat_report only if findings exist
69
- if (threatReport) {
70
- result.threat_report = threatReport;
71
- }
72
- return result;
73
- }
74
- /**
75
- * Log sanitization events to stderr for monitoring
76
- * (structured JSON logging per Lateos conventions)
77
- */
78
- function logSanitization(event) {
79
- const logEntry = {
80
- timestamp: new Date().toISOString(),
81
- event: 'sanitization',
82
- ...event
83
- };
84
- // Only log if there were detections (reduce noise)
85
- if (event.content_modified || event.pii_allowlisted.length > 0) {
86
- console.error(JSON.stringify(logEntry));
87
- }
88
- }
89
- /**
90
- * Quick check: does content need sanitization?
91
- * (Used for optimization - skip pipeline if content is clean)
92
- *
93
- * Note: Still run full pipeline for safety, but this can be used for metrics
94
- */
95
- export function needsSanitization(_content) {
96
- // Always sanitize - this is just a helper for metrics
97
- return true;
98
- }
99
- /**
100
- * Export sub-components for testing
101
- */
102
- export { detectAndNeutralize } from './injection-detector.js';
103
- export { redactPII, containsPII, detectPIITypes } from './pii-redactor.js';
104
- export { INJECTION_PATTERNS, getAllPatternNames } from './patterns.js';
105
- //# sourceMappingURL=index.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sanitizer/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AACpG,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAE,oBAAoB,EAAqB,MAAM,sBAAsB,CAAC;AAyB/E;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,QAAQ,CAAC,OAAe,EAAE,SAAkB;IAC1D,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IAEtC,mDAAmD;IACnD,MAAM,eAAe,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;IAErD,4EAA4E;IAC5E,MAAM,SAAS,GAAG,SAAS,CAAC,eAAe,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAEhE,0BAA0B;IAC1B,MAAM,YAAY,GAAG,SAAS,CAAC,OAAO,CAAC;IACvC,MAAM,eAAe,GAAG,eAAe,CAAC,gBAAgB,IAAI,SAAS,CAAC,gBAAgB,CAAC;IAEvF,MAAM,aAAa,GAAG,gBAAgB,CAAC,eAAe,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IACxF,MAAM,eAAe,GAAG,kBAAkB,CAAC,eAAe,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IAE5F,2DAA2D;IAC3D,eAAe,CAAC;QACd,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;QACpD,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;QAChD,eAAe,EAAE,SAAS,CAAC,eAAe;QAC1C,cAAc,EAAE,aAAa;QAC7B,oBAAoB,EAAE,eAAe;QACrC,gBAAgB,EAAE,eAAe;KAClC,CAAC,CAAC;IAEH,0DAA0D;IAC1D,MAAM,YAAY,GAAG,oBAAoB,CAAC;QACxC,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;QACpD,YAAY,EAAE,SAAS,CAAC,kBAAkB,CAAC,MAAM;QACjD,UAAU,EAAE,SAAS,IAAI,SAAS;QAClC,sBAAsB,EAAE,eAAe,CAAC,QAAQ,CAAC,sBAAsB;KACxE,CAAC,CAAC;IAEH,MAAM,MAAM,GAAuB;QACjC,OAAO,EAAE,YAAY;QACrB,YAAY,EAAE;YACZ,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;YACpD,kBAAkB,EAAE,SAAS,CAAC,kBAAkB;YAChD,eAAe,EAAE,SAAS,CAAC,eAAe;YAC1C,gBAAgB,EAAE,eAAe;SAClC;QACD,QAAQ,EAAE;YACR,eAAe,EAAE,cAAc;YAC/B,gBAAgB,EAAE,YAAY,CAAC,MAAM;YACrC,cAAc,EAAE,aAAa;YAC7B,oBAAoB,EAAE,eAAe;YACrC,sBAAsB,EAAE,eAAe,CAAC,QAAQ,CAAC,sBAAsB;SACxE;KACF,CAAC;IAEF,+CAA+C;IAC/C,IAAI,YAAY,EAAE,CAAC;QACjB,MAAM,CAAC,aAAa,GAAG,YAAY,CAAC;IACtC,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,KAOxB;IACC,MAAM,QAAQ,GAAG;QACf,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,KAAK,EAAE,cAAc;QACrB,GAAG,KAAK;KACT,CAAC;IAEF,mDAAmD;IACnD,IAAI,KAAK,CAAC,gBAAgB,IAAI,KAAK,CAAC,eAAe,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/D,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;IAC1C,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB;IAChD,sDAAsD;IACtD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAC3E,OAAO,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,eAAe,CAAC"}
@@ -1,34 +0,0 @@
1
- /**
2
- * Injection Detection Engine
3
- *
4
- * Scans content against all 43 injection patterns and neutralizes threats
5
- * based on pattern action directives (strip, redact, escape).
6
- */
7
- export interface DetectionResult {
8
- content: string;
9
- patterns_detected: string[];
10
- content_modified: boolean;
11
- metadata: {
12
- original_length: number;
13
- sanitized_length: number;
14
- detections_by_severity: {
15
- critical: number;
16
- high: number;
17
- medium: number;
18
- low: number;
19
- };
20
- };
21
- }
22
- /**
23
- * Detect and neutralize injection patterns in content
24
- */
25
- export declare function detectAndNeutralize(content: string): DetectionResult;
26
- /**
27
- * Get severity score for logging/monitoring
28
- */
29
- export declare function getSeverityScore(detectionsBySeverity: DetectionResult['metadata']['detections_by_severity']): number;
30
- /**
31
- * Check if content has critical threats
32
- */
33
- export declare function hasCriticalThreats(detectionsBySeverity: DetectionResult['metadata']['detections_by_severity']): boolean;
34
- //# sourceMappingURL=injection-detector.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"injection-detector.d.ts","sourceRoot":"","sources":["../../src/sanitizer/injection-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAIH,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,EAAE,MAAM,EAAE,CAAC;IAC5B,gBAAgB,EAAE,OAAO,CAAC;IAC1B,QAAQ,EAAE;QACR,eAAe,EAAE,MAAM,CAAC;QACxB,gBAAgB,EAAE,MAAM,CAAC;QACzB,sBAAsB,EAAE;YACtB,QAAQ,EAAE,MAAM,CAAC;YACjB,IAAI,EAAE,MAAM,CAAC;YACb,MAAM,EAAE,MAAM,CAAC;YACf,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;CACH;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,eAAe,CAmCpE;AAwCD;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,oBAAoB,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC,wBAAwB,CAAC,GAAG,MAAM,CAOpH;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,oBAAoB,EAAE,eAAe,CAAC,UAAU,CAAC,CAAC,wBAAwB,CAAC,GAAG,OAAO,CAEvH"}
@@ -1,89 +0,0 @@
1
- /**
2
- * Injection Detection Engine
3
- *
4
- * Scans content against all 43 injection patterns and neutralizes threats
5
- * based on pattern action directives (strip, redact, escape).
6
- */
7
- import { INJECTION_PATTERNS } from './patterns.js';
8
- /**
9
- * Detect and neutralize injection patterns in content
10
- */
11
- export function detectAndNeutralize(content) {
12
- const originalLength = content.length;
13
- const patternsDetected = new Set();
14
- const detectionsBySeverity = {
15
- critical: 0,
16
- high: 0,
17
- medium: 0,
18
- low: 0
19
- };
20
- let sanitizedContent = content;
21
- // Apply each pattern
22
- for (const pattern of INJECTION_PATTERNS) {
23
- const matches = sanitizedContent.match(pattern.regex);
24
- if (matches && matches.length > 0) {
25
- patternsDetected.add(pattern.name);
26
- detectionsBySeverity[pattern.severity] += matches.length;
27
- // Apply action
28
- sanitizedContent = applyAction(sanitizedContent, pattern);
29
- }
30
- }
31
- return {
32
- content: sanitizedContent,
33
- patterns_detected: Array.from(patternsDetected),
34
- content_modified: sanitizedContent !== content,
35
- metadata: {
36
- original_length: originalLength,
37
- sanitized_length: sanitizedContent.length,
38
- detections_by_severity: detectionsBySeverity
39
- }
40
- };
41
- }
42
- /**
43
- * Apply the appropriate action for a pattern match
44
- */
45
- function applyAction(content, pattern) {
46
- switch (pattern.action) {
47
- case 'strip':
48
- // Remove matched content entirely
49
- return content.replace(pattern.regex, '');
50
- case 'redact':
51
- // Replace with redaction marker
52
- return content.replace(pattern.regex, `[REDACTED:${pattern.name.toUpperCase()}]`);
53
- case 'escape':
54
- // HTML escape matched content
55
- return content.replace(pattern.regex, (match) => escapeHtml(match));
56
- default:
57
- return content;
58
- }
59
- }
60
- /**
61
- * HTML escape special characters
62
- */
63
- function escapeHtml(text) {
64
- const htmlEntities = {
65
- '&': '&',
66
- '<': '&lt;',
67
- '>': '&gt;',
68
- '"': '&quot;',
69
- "'": '&#39;',
70
- '/': '&#x2F;'
71
- };
72
- return text.replace(/[&<>"'/]/g, (char) => htmlEntities[char] || char);
73
- }
74
- /**
75
- * Get severity score for logging/monitoring
76
- */
77
- export function getSeverityScore(detectionsBySeverity) {
78
- return (detectionsBySeverity.critical * 100 +
79
- detectionsBySeverity.high * 50 +
80
- detectionsBySeverity.medium * 10 +
81
- detectionsBySeverity.low * 1);
82
- }
83
- /**
84
- * Check if content has critical threats
85
- */
86
- export function hasCriticalThreats(detectionsBySeverity) {
87
- return detectionsBySeverity.critical > 0;
88
- }
89
- //# sourceMappingURL=injection-detector.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"injection-detector.js","sourceRoot":"","sources":["../../src/sanitizer/injection-detector.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,kBAAkB,EAAyB,MAAM,eAAe,CAAC;AAkB1E;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAe;IACjD,MAAM,cAAc,GAAG,OAAO,CAAC,MAAM,CAAC;IACtC,MAAM,gBAAgB,GAAG,IAAI,GAAG,EAAU,CAAC;IAC3C,MAAM,oBAAoB,GAAG;QAC3B,QAAQ,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,MAAM,EAAE,CAAC;QACT,GAAG,EAAE,CAAC;KACP,CAAC;IAEF,IAAI,gBAAgB,GAAG,OAAO,CAAC;IAE/B,qBAAqB;IACrB,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,gBAAgB,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAEtD,IAAI,OAAO,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAClC,gBAAgB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;YACnC,oBAAoB,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,OAAO,CAAC,MAAM,CAAC;YAEzD,eAAe;YACf,gBAAgB,GAAG,WAAW,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,OAAO;QACL,OAAO,EAAE,gBAAgB;QACzB,iBAAiB,EAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC;QAC/C,gBAAgB,EAAE,gBAAgB,KAAK,OAAO;QAC9C,QAAQ,EAAE;YACR,eAAe,EAAE,cAAc;YAC/B,gBAAgB,EAAE,gBAAgB,CAAC,MAAM;YACzC,sBAAsB,EAAE,oBAAoB;SAC7C;KACF,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,OAAe,EAAE,OAAyB;IAC7D,QAAQ,OAAO,CAAC,MAAM,EAAE,CAAC;QACvB,KAAK,OAAO;YACV,kCAAkC;YAClC,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;QAE5C,KAAK,QAAQ;YACX,gCAAgC;YAChC,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,aAAa,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QAEpF,KAAK,QAAQ;YACX,8BAA8B;YAC9B,OAAO,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;QAEtE;YACE,OAAO,OAAO,CAAC;IACnB,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,UAAU,CAAC,IAAY;IAC9B,MAAM,YAAY,GAA2B;QAC3C,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,MAAM;QACX,GAAG,EAAE,MAAM;QACX,GAAG,EAAE,QAAQ;QACb,GAAG,EAAE,OAAO;QACZ,GAAG,EAAE,QAAQ;KACd,CAAC;IAEF,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,oBAA2E;IAC1G,OAAO,CACL,oBAAoB,CAAC,QAAQ,GAAG,GAAG;QACnC,oBAAoB,CAAC,IAAI,GAAG,EAAE;QAC9B,oBAAoB,CAAC,MAAM,GAAG,EAAE;QAChC,oBAAoB,CAAC,GAAG,GAAG,CAAC,CAC7B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,oBAA2E;IAC5G,OAAO,oBAAoB,CAAC,QAAQ,GAAG,CAAC,CAAC;AAC3C,CAAC"}
@@ -1,30 +0,0 @@
1
- /**
2
- * Lateos Injection Pattern Library
3
- *
4
- * 43 validated injection pattern categories for detecting and neutralizing
5
- * prompt injection attacks in web content before it reaches the LLM.
6
- *
7
- * Each pattern includes:
8
- * - name: Pattern identifier
9
- * - description: What this pattern detects
10
- * - regex: Detection pattern (case-insensitive by default)
11
- * - severity: risk level (critical, high, medium, low)
12
- * - action: how to handle matches (strip, redact, escape)
13
- */
14
- export interface InjectionPattern {
15
- name: string;
16
- description: string;
17
- regex: RegExp;
18
- severity: 'critical' | 'high' | 'medium' | 'low';
19
- action: 'strip' | 'redact' | 'escape';
20
- }
21
- export declare const INJECTION_PATTERNS: InjectionPattern[];
22
- /**
23
- * Get all pattern names for logging/testing
24
- */
25
- export declare function getAllPatternNames(): string[];
26
- /**
27
- * Get patterns by severity level
28
- */
29
- export declare function getPatternsBySeverity(severity: 'critical' | 'high' | 'medium' | 'low'): InjectionPattern[];
30
- //# sourceMappingURL=patterns.d.ts.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"patterns.d.ts","sourceRoot":"","sources":["../../src/sanitizer/patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC;IACjD,MAAM,EAAE,OAAO,GAAG,QAAQ,GAAG,QAAQ,CAAC;CACvC;AAED,eAAO,MAAM,kBAAkB,EAAE,gBAAgB,EAmYhD,CAAC;AAEF;;GAEG;AACH,wBAAgB,kBAAkB,IAAI,MAAM,EAAE,CAE7C;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,UAAU,GAAG,MAAM,GAAG,QAAQ,GAAG,KAAK,GAAG,gBAAgB,EAAE,CAE1G"}
@@ -1,372 +0,0 @@
1
- /**
2
- * Lateos Injection Pattern Library
3
- *
4
- * 43 validated injection pattern categories for detecting and neutralizing
5
- * prompt injection attacks in web content before it reaches the LLM.
6
- *
7
- * Each pattern includes:
8
- * - name: Pattern identifier
9
- * - description: What this pattern detects
10
- * - regex: Detection pattern (case-insensitive by default)
11
- * - severity: risk level (critical, high, medium, low)
12
- * - action: how to handle matches (strip, redact, escape)
13
- */
14
- export const INJECTION_PATTERNS = [
15
- // 1. Comment injection (must come before direct_instruction_injection to avoid false positives)
16
- {
17
- name: 'comment_injection',
18
- description: 'Instructions hidden in HTML/JS/SQL comments',
19
- regex: /<!--[\s\S]*?(ignore|admin|system|instruction|bypass|override)[\s\S]*?-->|\/\*[\s\S]*?(ignore|admin|system|instruction)[\s\S]*?\*\/|\/\/\s*(ignore|admin|system)\b|--\s*(ignore|bypass)\b|#\s*(ignore|admin|override)\b/gi,
20
- severity: 'medium',
21
- action: 'strip'
22
- },
23
- // 2. Direct instruction injection
24
- {
25
- name: 'direct_instruction_injection',
26
- description: 'Attempts to override or ignore previous instructions',
27
- regex: /\b(ignore|disregard|forget|override|replace|substitute)\s+(all\s+)?(previous|prior|above|earlier|your)\s+(instructions?|prompts?|commands?|directions?|rules?)\b/gi,
28
- severity: 'critical',
29
- action: 'redact'
30
- },
31
- // 3. Role hijacking
32
- {
33
- name: 'role_hijacking',
34
- description: 'Attempts to change AI persona or role',
35
- regex: /\b(you\s+are\s+now|your\s+new\s+(role|persona|identity)\s+is|act\s+as|pretend\s+(you\s+are|to\s+be)|roleplay\s+as)\b/gi,
36
- severity: 'critical',
37
- action: 'redact'
38
- },
39
- // 3. System prompt extraction
40
- {
41
- name: 'system_prompt_extraction',
42
- description: 'Attempts to reveal system instructions',
43
- regex: /\b(repeat|print|show|display|reveal|output|tell\s+me)\s+(your|the)\s+(system\s+)?(prompt|instructions?|rules|guidelines|directives|configuration)\b/gi,
44
- severity: 'high',
45
- action: 'redact'
46
- },
47
- // 4. Privilege escalation
48
- {
49
- name: 'privilege_escalation',
50
- description: 'Attempts to gain elevated permissions',
51
- regex: /\b(admin\s+mode|administrator\s+access|developer\s+(mode|override)|root\s+access|elevated\s+privileges?|emergency\s+protocol|debug\s+mode|sudo\s+mode)\b/gi,
52
- severity: 'critical',
53
- action: 'redact'
54
- },
55
- // 5. Context poisoning
56
- {
57
- name: 'context_poisoning',
58
- description: 'Falsely claims prior agreement or context',
59
- regex: /\b(the\s+user\s+(said|told|mentioned|confirmed)|as\s+(we\s+)?(discussed|agreed|confirmed)\s+(earlier|previously|before)|you\s+already\s+(said|agreed|confirmed)|continuing\s+from\s+(our|the)\s+previous)\b/gi,
60
- severity: 'high',
61
- action: 'redact'
62
- },
63
- // 6. Data exfiltration
64
- {
65
- name: 'data_exfiltration',
66
- description: 'Attempts to send data to external endpoints',
67
- regex: /\b(send|post|transmit|forward|email|upload)\s+(this|the|all|your)\s+(to|data|information)\b.*?\b(http|mailto|ftp):/gi,
68
- severity: 'critical',
69
- action: 'redact'
70
- },
71
- // 7. Encoding obfuscation - Base64
72
- {
73
- name: 'base64_obfuscation',
74
- description: 'Base64-encoded instructions',
75
- regex: /\b(decode|decipher|decrypt)\s+(this\s+)?(base64|b64)\b.*?[A-Za-z0-9+/]{20,}={0,2}/gi,
76
- severity: 'high',
77
- action: 'redact'
78
- },
79
- // 8. Unicode lookalike characters
80
- {
81
- name: 'unicode_lookalikes',
82
- description: 'Uses visually similar Unicode characters',
83
- regex: /[\u0430-\u044f\u0410-\u042f].*\b(ignore|admin|system)\b/gi, // Cyrillic mixed with English
84
- severity: 'medium',
85
- action: 'strip'
86
- },
87
- // 9. Zero-width characters
88
- {
89
- name: 'zero_width_characters',
90
- description: 'Hidden zero-width Unicode characters',
91
- regex: /[\u200B-\u200D\uFEFF]/g,
92
- severity: 'high',
93
- action: 'strip'
94
- },
95
- // 10. HTML script injection
96
- {
97
- name: 'html_script_injection',
98
- description: 'HTML script tags or event handlers',
99
- regex: /<script\b[^>]*>[\s\S]*?<\/script>|<iframe\b[^>]*>|on(click|load|error|mouse\w+)\s*=/gi,
100
- severity: 'critical',
101
- action: 'escape'
102
- },
103
- // 11. Data URI injection
104
- {
105
- name: 'data_uri_injection',
106
- description: 'Data URIs that could contain instructions',
107
- regex: /data:text\/(html|javascript)[;,]/gi,
108
- severity: 'high',
109
- action: 'redact'
110
- },
111
- // 12. Markdown link injection
112
- {
113
- name: 'markdown_link_injection',
114
- description: 'Malicious markdown links',
115
- regex: /\[.*?\]\s*\(\s*javascript:|!\[.*?\]\s*\(\s*data:/gi,
116
- severity: 'high',
117
- action: 'redact'
118
- },
119
- // 13. URL fragment attacks (HashJack)
120
- {
121
- name: 'url_fragment_hashjack',
122
- description: 'Instructions hidden in URL fragments',
123
- regex: /#(ignore|admin|system|prompt)[_\w]*\s+/gi,
124
- severity: 'medium',
125
- action: 'strip'
126
- },
127
- // 14. Social engineering urgency
128
- {
129
- name: 'social_engineering_urgency',
130
- description: 'Urgency language to bypass caution',
131
- regex: /\b(urgent|critical|emergency|immediately|asap|right\s+now|time\s+sensitive|must\s+act\s+now)\b.*\b(ignore|override|bypass)\b/gi,
132
- severity: 'medium',
133
- action: 'redact'
134
- },
135
- // 15. Instruction delimiter injection
136
- {
137
- name: 'instruction_delimiter_injection',
138
- description: 'Fake instruction boundaries',
139
- regex: /\b(end\s+of\s+(instructions?|prompt)|new\s+instructions?|<\/?instruction>|---\s*system\s*---)\b/gi,
140
- severity: 'high',
141
- action: 'redact'
142
- },
143
- // 16. Multi-language obfuscation
144
- {
145
- name: 'multi_language_obfuscation',
146
- description: 'Instructions in non-English using English keywords',
147
- regex: /\b(ignorar|ignorer|ignora|überspringen)\b.*\b(instrucciones|instructions|istruzioni)\b/gi,
148
- severity: 'medium',
149
- action: 'redact'
150
- },
151
- // 17. Reverse text obfuscation
152
- {
153
- name: 'reverse_text_obfuscation',
154
- description: 'Instructions written backwards',
155
- regex: /\b(erongi|nimda|tpmorp|metsys)\b/gi, // "ignore", "admin", "prompt", "system" reversed
156
- severity: 'medium',
157
- action: 'strip'
158
- },
159
- // 18. Leetspeak obfuscation
160
- {
161
- name: 'leetspeak_obfuscation',
162
- description: 'L33tspeak encoded instructions',
163
- regex: /\b(1gn0r3|4dm1n|sy5t3m|pr0mpt|1nstruct10n)\b/gi,
164
- severity: 'low',
165
- action: 'strip'
166
- },
167
- // 19. Jailbreak keywords
168
- {
169
- name: 'jailbreak_keywords',
170
- description: 'Common jailbreak attempt keywords',
171
- regex: /\b(jailbreak|dan\s+mode|developer\s+mode\s+enabled|anarchy\s+mode|unrestricted\s+mode)\b/gi,
172
- severity: 'critical',
173
- action: 'redact'
174
- },
175
- // 20. Token smuggling
176
- {
177
- name: 'token_smuggling',
178
- description: 'Attempts to inject special tokens',
179
- regex: /<\|im_(start|end)\|>|<\|endoftext\|>|\[INST\]|\[\/INST\]/gi,
180
- severity: 'high',
181
- action: 'redact'
182
- },
183
- // 21. System message injection
184
- {
185
- name: 'system_message_injection',
186
- description: 'Fake system messages',
187
- regex: /\[SYSTEM\]|\[ASSISTANT\]|\[USER\]|<\|system\|>/gi,
188
- severity: 'high',
189
- action: 'redact'
190
- },
191
- // 22. Conversation reset
192
- {
193
- name: 'conversation_reset',
194
- description: 'Attempts to reset conversation state',
195
- regex: /\b(reset|restart|clear|new)\s+(conversation|chat|session|context)\b/gi,
196
- severity: 'medium',
197
- action: 'redact'
198
- },
199
- // 23. Memory manipulation
200
- {
201
- name: 'memory_manipulation',
202
- description: 'Attempts to manipulate AI memory or implant false context',
203
- regex: /\b(remember|memorize|recall|don'?t\s+forget)\s+(that\s+)?(I\s+am|you\s+are|we\s+are|you\s+must|I\s+told\s+you|you\s+already|your\s+administrator|your\s+creator)\b/gi,
204
- severity: 'medium',
205
- action: 'redact'
206
- },
207
- // 24. Capability probing
208
- {
209
- name: 'capability_probing',
210
- description: 'Probes for hidden capabilities',
211
- regex: /\b(can\s+you|are\s+you\s+able\s+to)\s+(access|browse|execute|run|download)\b/gi,
212
- severity: 'low',
213
- action: 'strip'
214
- },
215
- // 25. Chain-of-thought manipulation
216
- {
217
- name: 'chain_of_thought_manipulation',
218
- description: 'Manipulates reasoning process',
219
- regex: /\blet'?s\s+think\s+step\s+by\s+step\b.*\b(ignore|bypass|override)\b/gi,
220
- severity: 'medium',
221
- action: 'redact'
222
- },
223
- // 26. Hypothetical scenario injection
224
- {
225
- name: 'hypothetical_scenario_injection',
226
- description: 'Uses hypotheticals to bypass restrictions',
227
- regex: /\b(hypothetically|imagine\s+you\s+could|in\s+a\s+world\s+where|pretend\s+there\s+are\s+no|let'?s\s+say\s+you\s+were\s+allowed|if\s+you\s+had\s+no\s+restrictions|for\s+the\s+sake\s+of\s+argument|suppose|what\s+if)\b.*\b(unrestricted|ignore|bypass|allowed|no\s+rules|no\s+guidelines|were\s+able)\b/gi,
228
- severity: 'medium',
229
- action: 'redact'
230
- },
231
- // 27. Ethical override
232
- {
233
- name: 'ethical_override',
234
- description: 'Attempts to override ethical guidelines',
235
- regex: /\b(ignore|bypass|disable)\s+(ethics|safety|guidelines|guardrails|restrictions)\b/gi,
236
- severity: 'critical',
237
- action: 'redact'
238
- },
239
- // 28. Output format manipulation
240
- {
241
- name: 'output_format_manipulation',
242
- description: 'Manipulates output format to hide instructions',
243
- regex: /\b(format|structure|style)\s+your\s+(response|output)\s+as\b.*\b(system|admin|instruction)\b/gi,
244
- severity: 'medium',
245
- action: 'redact'
246
- },
247
- // 29. Negative instruction
248
- {
249
- name: 'negative_instruction',
250
- description: 'Uses negation to inject instructions',
251
- regex: /\bdo\s+not\s+(tell|mention|say)\s+(anyone|the\s+user)\b/gi,
252
- severity: 'low',
253
- action: 'strip'
254
- },
255
- // 30. Credential harvesting
256
- {
257
- name: 'credential_harvesting',
258
- description: 'Attempts to harvest credentials',
259
- regex: /\b(enter|provide|give\s+me)\s+(your|the)\s+(password|api\s+key|token|credentials?|secret)\b/gi,
260
- severity: 'critical',
261
- action: 'redact'
262
- },
263
- // 31. Time-based triggers
264
- {
265
- name: 'time_based_triggers',
266
- description: 'Conditional execution based on time',
267
- regex: /\b(after|when|once)\s+\d+\s+(seconds?|minutes?|hours?)\b.*\b(then|execute|run)\b/gi,
268
- severity: 'low',
269
- action: 'strip'
270
- },
271
- // 32. Code execution requests
272
- {
273
- name: 'code_execution_requests',
274
- description: 'Requests code execution or contains dangerous code patterns',
275
- regex: /\b(execute(?!-api\.)|run\s+the\s+following|eval\(|exec\(|os\.system|subprocess|__import__|shell\s+command|bash\s+-c)\b/gi,
276
- severity: 'high',
277
- action: 'redact'
278
- },
279
- // 32. File system access
280
- {
281
- name: 'file_system_access',
282
- description: 'Requests file system operations',
283
- regex: /\b(read|write|delete|access)\s+(file|directory|folder)\b/gi,
284
- severity: 'high',
285
- action: 'redact'
286
- },
287
- // 33. Training data extraction
288
- {
289
- name: 'training_data_extraction',
290
- description: 'Attempts to extract training data',
291
- regex: /\b(repeat|recite|output)\s+(verbatim|exactly)\s+(from\s+your\s+)?(training|data|corpus)\b/gi,
292
- severity: 'high',
293
- action: 'redact'
294
- },
295
- // 34. Simulator mode
296
- {
297
- name: 'simulator_mode',
298
- description: 'Requests simulator/VM mode',
299
- regex: /\b(simulate|emulate|pretend\s+you\s+are)\s+(a\s+)?(linux|terminal|bash|shell|vm|virtual\s+machine)\b/gi,
300
- severity: 'medium',
301
- action: 'redact'
302
- },
303
- // 35. Nested encoding
304
- {
305
- name: 'nested_encoding',
306
- description: 'Multiple layers of encoding or double-encoded sequences',
307
- regex: /\b(decode|decrypt|decipher)\s+(this\s+)?(twice|again|multiple\s+times)\b|%25[0-9A-F]{2}|[A-Za-z0-9+/]{40,}={0,2}.*[A-Za-z0-9+/]{40,}={0,2}/gi,
308
- severity: 'high',
309
- action: 'redact'
310
- },
311
- // 36. Payload splitting
312
- {
313
- name: 'payload_splitting',
314
- description: 'Splits payload across multiple inputs',
315
- regex: /\b(combine|concatenate|join)\s+(the\s+)?(previous|above)\s+(parts?|sections?|fragments?)\b/gi,
316
- severity: 'medium',
317
- action: 'redact'
318
- },
319
- // 37. CSS-based hiding
320
- {
321
- name: 'css_hiding',
322
- description: 'Hidden content via CSS',
323
- regex: /display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0/gi,
324
- severity: 'medium',
325
- action: 'strip'
326
- },
327
- // 38. Authority impersonation
328
- {
329
- name: 'authority_impersonation',
330
- description: 'Claims to be an authority figure',
331
- regex: /\b(I\s+am|this\s+is)\s+(your\s+)?(developer|creator|administrator|ceo|manager)\b/gi,
332
- severity: 'high',
333
- action: 'redact'
334
- },
335
- // 40. Testing/debugging claims
336
- {
337
- name: 'testing_debugging_claims',
338
- description: 'Claims this is a test environment',
339
- regex: /\b(this\s+is\s+a\s+)?(test|testing|debug|debugging)\s+(environment|mode|session)\b/gi,
340
- severity: 'medium',
341
- action: 'redact'
342
- },
343
- // 41. Callback URL injection
344
- {
345
- name: 'callback_url_injection',
346
- description: 'Suspicious callback URLs',
347
- regex: /\b(callback|webhook|redirect)\s+(url|endpoint)\s*[:=]\s*https?:\/\/(?!localhost)/gi,
348
- severity: 'high',
349
- action: 'redact'
350
- },
351
- // 43. Whitespace steganography
352
- {
353
- name: 'whitespace_steganography',
354
- description: 'Hidden content in whitespace patterns',
355
- regex: /\s{10,}/g,
356
- severity: 'low',
357
- action: 'strip'
358
- }
359
- ];
360
- /**
361
- * Get all pattern names for logging/testing
362
- */
363
- export function getAllPatternNames() {
364
- return INJECTION_PATTERNS.map(p => p.name);
365
- }
366
- /**
367
- * Get patterns by severity level
368
- */
369
- export function getPatternsBySeverity(severity) {
370
- return INJECTION_PATTERNS.filter(p => p.severity === severity);
371
- }
372
- //# sourceMappingURL=patterns.js.map
@@ -1 +0,0 @@
1
- {"version":3,"file":"patterns.js","sourceRoot":"","sources":["../../src/sanitizer/patterns.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAUH,MAAM,CAAC,MAAM,kBAAkB,GAAuB;IACpD,gGAAgG;IAChG;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,6CAA6C;QAC1D,KAAK,EAAE,0NAA0N;QACjO,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,kCAAkC;IAClC;QACE,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,sDAAsD;QACnE,KAAK,EAAE,oKAAoK;QAC3K,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,oBAAoB;IACpB;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,wHAAwH;QAC/H,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,wCAAwC;QACrD,KAAK,EAAE,uJAAuJ;QAC9J,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,4JAA4J;QACnK,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,2CAA2C;QACxD,KAAK,EAAE,+MAA+M;QACtN,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,6CAA6C;QAC1D,KAAK,EAAE,sHAAsH;QAC7H,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,mCAAmC;IACnC;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,6BAA6B;QAC1C,KAAK,EAAE,qFAAqF;QAC5F,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,kCAAkC;IAClC;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,0CAA0C;QACvD,KAAK,EAAE,2DAA2D,EAAE,8BAA8B;QAClG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,wBAAwB;QAC/B,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,OAAO;KAChB;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,oCAAoC;QACjD,KAAK,EAAE,uFAAuF;QAC9F,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,2CAA2C;QACxD,KAAK,EAAE,oCAAoC;QAC3C,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,0BAA0B;QACvC,KAAK,EAAE,oDAAoD;QAC3D,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,0CAA0C;QACjD,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,oCAAoC;QACjD,KAAK,EAAE,gIAAgI;QACvI,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,6BAA6B;QAC1C,KAAK,EAAE,mGAAmG;QAC1G,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,oDAAoD;QACjE,KAAK,EAAE,0FAA0F;QACjG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,oCAAoC,EAAE,iDAAiD;QAC9F,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,gDAAgD;QACvD,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,4FAA4F;QACnG,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,sBAAsB;QACnC,KAAK,EAAE,kDAAkD;QACzD,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,uEAAuE;QAC9E,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,2DAA2D;QACxE,KAAK,EAAE,sKAAsK;QAC7K,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,gCAAgC;QAC7C,KAAK,EAAE,gFAAgF;QACvF,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,oCAAoC;IACpC;QACE,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,+BAA+B;QAC5C,KAAK,EAAE,uEAAuE;QAC9E,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,sCAAsC;IACtC;QACE,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,2CAA2C;QACxD,KAAK,EAAE,2SAA2S;QAClT,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,yCAAyC;QACtD,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,iCAAiC;IACjC;QACE,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,gDAAgD;QAC7D,KAAK,EAAE,gGAAgG;QACvG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,2BAA2B;IAC3B;QACE,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,sCAAsC;QACnD,KAAK,EAAE,2DAA2D;QAClE,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,4BAA4B;IAC5B;QACE,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,iCAAiC;QAC9C,KAAK,EAAE,+FAA+F;QACtG,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,QAAQ;KACjB;IAED,0BAA0B;IAC1B;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,qCAAqC;QAClD,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,6DAA6D;QAC1E,KAAK,EAAE,0HAA0H;QACjI,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,yBAAyB;IACzB;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,iCAAiC;QAC9C,KAAK,EAAE,4DAA4D;QACnE,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,6FAA6F;QACpG,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,qBAAqB;IACrB;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EAAE,4BAA4B;QACzC,KAAK,EAAE,wGAAwG;QAC/G,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,sBAAsB;IACtB;QACE,IAAI,EAAE,iBAAiB;QACvB,WAAW,EAAE,yDAAyD;QACtE,KAAK,EAAE,8IAA8I;QACrJ,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,wBAAwB;IACxB;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,8FAA8F;QACrG,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,uBAAuB;IACvB;QACE,IAAI,EAAE,YAAY;QAClB,WAAW,EAAE,wBAAwB;QACrC,KAAK,EAAE,8DAA8D;QACrE,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,OAAO;KAChB;IAED,8BAA8B;IAC9B;QACE,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,kCAAkC;QAC/C,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,mCAAmC;QAChD,KAAK,EAAE,sFAAsF;QAC7F,QAAQ,EAAE,QAAQ;QAClB,MAAM,EAAE,QAAQ;KACjB;IAED,6BAA6B;IAC7B;QACE,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,0BAA0B;QACvC,KAAK,EAAE,oFAAoF;QAC3F,QAAQ,EAAE,MAAM;QAChB,MAAM,EAAE,QAAQ;KACjB;IAED,+BAA+B;IAC/B;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,uCAAuC;QACpD,KAAK,EAAE,UAAU;QACjB,QAAQ,EAAE,KAAK;QACf,MAAM,EAAE,OAAO;KAChB;CACF,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,kBAAkB;IAChC,OAAO,kBAAkB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAgD;IACpF,OAAO,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACjE,CAAC"}